The format of a zone file is defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). This format was originally used by the Berkeley Internet Name Domain (BIND) software package, but has been widely adopted by other DNS server software – though some of them (e.g. NSD, PowerDNS) are using the zone files only as a starting point to compile them into database format, see also Microsoft DNS with Active Directory-database integration.

A zone file is a sequence of line-oriented entries, each of which is either a directive or a text description that defines a single resource record (RR). An entry is composed of fields separated by any combination of white space (tabs and spaces), and ends at a line boundary except inside a quoted string field value or a pair of enclosing formatting parentheses. Any line may end with comment text preceded by a semicolon, and the file may also contain any number of blank lines.

Entries may occur in any order in a zone file, with some exceptions.

Directives are control entries that affect the rest of the zone file. The first field of a directive consists of a dollar sign followed by a keyword:

• $ORIGIN is followed by a domain name to be used as the origin for subsequent relative domain names.
• $INCLUDE is followed by a file name and optional origin domain name to be used when interpreting its contents (which are treated as if they appeared in the parent file, followed by a reset to the origin value preceding evaluation of the directive).
• $TTL, defined in RFC 2308 (section 4), is followed by a number to be used as the default TTL (time-to-live).
• $GENERATE, a non-standard extension accepted by BIND and some other name server software to insert multiple resource records with one entry, is followed by a concise representation of an increasing sequence of nonnegative numbers and then a template RR entry. A resource record is added for each number in the sequence, using the template with unescaped "$" characters replaced by the number.

A resource record entry consists of several fields as follows (both field orderings are acceptable and may be used interchangeably):

The name field may be left blank. If so, the record inherits the field from the previous record. A free standing @ is used to denote the current origin.

The ttl field specifies the number of seconds after which a caching client must discard the record and perform a new resolution operation to obtain fresh information. Some name servers, including BIND, allow nonstandard representations that use time unit abbreviations (for example, "2d" meaning two 24-hour days or "1h30m" meaning one hour and 30 minutes). It may be omitted, in which case the resulting value will be set from the default TTL (if defined) or from the preceding record.

The record class field indicates the namespace of the record information. It may be omitted, in which case the resulting value will be set from the preceding record. The most commonly used namespace is that of the Internet, indicated by parameter IN, but others exist and are in use, e.g., CHAOS.

The record type field is an abbreviation for the type of information stored in the last field, record data. For example: an address record (type A for IPv4, or type AAAA for IPv6,) maps the domain name from the first field to an IP address in the record data; a mail exchanger record (type MX) specifies the Simple Mail Transfer Protocol (SMTP) mail host for a domain.

The record data field may consist of one or more information elements, depending on the requirements of each record type. For example, an address record only requires an address, while a mail exchanger record requires a priority and a domain name. Such information elements are represented as fields separated by white space.

Example file edit

An example of a zone file for the domain example.com is the following:

$ORIGIN example.com. ; designates the start of this zone file in the namespace $TTL 3600 ; default expiration time (in seconds) of all RRs without their own TTL value example.com. IN SOA ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 ) example.com. IN NS ns ; ns.example.com is a nameserver for example.com example.com. IN NS ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com example.com. IN MX 10 mail.example.com. ; mail.example.com is the mailserver for example.com @ IN MX 20 mail2.example.com. ; equivalent to above line, "@" represents zone origin @ IN MX 50 mail3 ; equivalent to above line, but using a relative host name example.com. IN A 192.0.2.1 ; IPv4 address for example.com IN AAAA 2001:db8:10::1 ; IPv6 address for example.com ns IN A 192.0.2.2 ; IPv4 address for ns.example.com IN AAAA 2001:db8:10::2 ; IPv6 address for ns.example.com www IN CNAME example.com. ; www.example.com is an alias for example.com wwwtest IN CNAME www ; wwwtest.example.com is another alias for www.example.com mail IN A 192.0.2.3 ; IPv4 address for mail.example.com mail2 IN A 192.0.2.4 ; IPv4 address for mail2.example.com mail3 IN A 192.0.2.5 ; IPv4 address for mail3.example.com

At minimum, the zone file must specify the Start of Authority (SOA) record with the name of the authoritative master name server for the zone and the email address of someone responsible for management of the name server (represented as a domain name, with a full stop character in place of the usual @ symbol). The parameters of the SOA record also specify a list of timing and expiration parameters (serial number, slave refresh period, slave retry time, slave expiration time, and the maximum time to cache the record). Some name servers, including BIND, also require at least one additional NS record.

In the zone file, domain names that end with a full stop character (such as "example.com." in the above example) are fully qualified while those that do not end with a full stop are relative to the current origin (which is why www in the above example refers to www.example.com).

A zone file is referenced by the configuration file of the name server software. For example, BIND typically uses a statement such as:

zone "example.com" { type master; file "/var/named/db.example.com"; }; 

The zone files for the DNS root zone and for the set of top-level domains contain resource records only for the authoritative domain name servers for each domain name.

Some server software automatically configures resource records for specially recognized domains or hostnames, such as localhost, but a customized zone master file may be used.

An example for manual configuration of the forward zone for localhost is the following:

$ORIGIN localhost. @ 86400 IN SOA @ root (  1999010100 ; serial  10800 ; refresh (3 hours)  900 ; retry (15 minutes)  604800 ; expire (1 week)  86400 ; minimum (1 day)  ) @ 86400 IN NS @ @ 86400 IN A 127.0.0.1 @ 86400 IN AAAA ::1 

The corresponding reverse zone definition is:

;; reverse zone file for 127.0.0.1 and ::1 $TTL 1814400 ; 3 weeks @ 1814400 IN SOA localhost. root.localhost. (  1999010100 ; serial  10800 ; refresh (3 hours)  900 ; retry (15 minutes)  604800 ; expire (1 week)  86400 ; minimum (1 day)  ) @ 1814400 IN NS localhost. 1 1814400 IN PTR localhost. 

This file does not specify the origin so that it may be used for both IPv4 and IPv6 with this configuration:

zone "0.0.127.in-addr.arpa" IN {  type master;  file "r.local";  }; zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {  type master;  file "r.local";  }; 

Similar zone master files may be created for the reverse resolution of the broadcast address and the null address. Such zone files prevent a DNS server from referring to other, possibly external DNS servers.

• List of DNS record types

• Create a Zone file November 12, 2020, at the Wayback Machine